As well known to those skilled in the art, user authentication is an essential procedure for use in a certain information service or a certain on-line service. Such user authentication is typically performed through a user information registration step and a user identification step, and thus, only an authenticated user can use a certain service provided by a service provider. In such a conventional user authentication process, it is essentially required to input a user ID and a user password for access to a web site along with personal information on the user who wants to use the certain service.
FIG. 1 shows a flowchart for explaining a user authentication process using such a user ID and password and a bill settlement process for use of a certain service in the prior art. The user goes through a user information registration process when accessing a desired web site, and then, the user goes through a user authentication step whenever he/she uses a certain service. Referring to FIG. 1, the conventional user authentication process is mainly classified into two steps: i.e., a user information input step of inputting basic information on the user (information required by a service provider, including name, address, social security number, contact number, kinds of user's favorite contents, etc.), as shown in FIG. 1A; and a user authentication step of authenticating the user by checking a user ID and a user password, which are assigned by the user, as shown in FIG. 1B.
However, there is a problem in that the conventional user authentication process shown in FIGS. 1A and 1B has no step for identifying a user. That is, in a case where a person under age performs the user information registration step by using an illegal social security number generation application, it cannot be checked in real time. Moreover, it is difficult to monitor the illegal registration of the person under age even after the fact, if a great number of members are initiated.
In addition, in order to obtain access to desired information at a great number of web sites from which a variety of services are provided, there exists inconvenience in that a user has to input the same personal information (name, address, social security number, contact number, etc.) every web site. Further, there exists a problem in that a number of users often abandon the registration of personal information related to a bill settlement process due to a possibility of outflow of the personal information when they input the information into a web site from which information is provided at a predetermined cost. Furthermore, even in a case where there is no reliable relationship between a user and a web site, the user is reluctant to input the personal information into the web site.
In addition, there is a problem in that users with user accounts in a plurality of web sites frequently confuses or forgets their own IDs and passwords registered on the plurality of web sites.
In order to solve one of the problems in the prior art in that there is no user identification step, several web sites receives a photocopy of user identification card via facsimile from a user who has completed the user registration step to identify the relevant user. However, it also raises another problem in that an advantage of the Internet, that is, a quick access to information, cannot be sufficiently used.
In addition, in order to solve a weak security corresponding to another problem in the prior art, there has been proposed a user authentication method using a mobile communication network. Korean Patent Laid-Open Publication No. 2000-72433 discloses a user authentication method in which, when a user who wants to access a security-required system requests user authentication to an authentication system, the authentication system transmits a one-time password to a mobile communication terminal of the user, and the user confirms this password through a screen of the mobile communication terminal and manually inputs the confirmed password through a computer for access to the desired system. However, although this method is a technique that is improved in view of security over other conventional user authentication methods, there still exists inconvenience in that the user must directly confirm the transmitted one-time password through the screen of the mobile communication terminal and then manually input the password again.
In addition, in order to solve the problem of the prior art in that the user registration step has to be performed every web site to use a variety of services provided by a number of web sites, there has been proposed a method in which a user can be commonly authenticated from a plurality of web sites through one user ID and one password by sharing user information among the plurality of web sites. However, this method cannot be used widely due to conflict of interest between web site administrators and high risk of outflow of personal information against user's will.
In addition, the prior art has a further problem in that, when a bill settlement is required for certain pay contents, a user must move to a settlement page for each individual service and then input certain settlement information (name, social security number, password, etc.) again.
FIG. 1C shows a conventional bill settlement method for a used service. If a user selects pay contents and wants to settle a bill for reading of the contents by means of a mobile phone, he/she moves a new web page for inputting information (telephone number, social security number, etc.) required for settlement. Then, a certain SMS message including an authentication code is received and confirmed by the mobile phone identified by an input telephone number. Then, the confirmed authentication code is input into the web page for completing the settlement. As mentioned above, such mobile phone settlement method shown in FIG. 1C has a complicated settlement process in that the user must move a corresponding settlement web page every use of pay contents, input settlement information for each settlement, and further input an authentication code confirmed on a screen of the mobile phone into the settlement web page.
Korean Utility Model Registration No. 20-0193499 discloses a system for settling a certain amount of money by using a mobile phone or a wired telephone. A settlement process performed in the settlement system is as follows. A user who wants to receive a service accesses a carrier server through a communication network by using a first his/her own terminal. An access management and authentication confirmation apparatus of the carrier server requests the user to input a telephone number and a password of a second terminal through which he/she can be called. The user inputs the telephone number of the second terminal through which he/she receives a call and the password by which he/she can be identified as a right user, upon a request of the carrier server. The access management and authentication confirmation apparatus that has received the telephone number and the password stores the password in a database and instructs a telephone call apparatus to call the second terminal. The telephone call apparatus calls the second terminal having the telephone number received by the instruction of the access management and authentication confirmation apparatus. The access management and authentication confirmation apparatus sends a message requesting to input the password to the user when the apparatus is connected to the user. The user called through the second terminal having the known telephone number again inputs the password input at the initial access by using the called second terminal. The access management and authentication confirmation apparatus again received the password compares the again received password with the already input password for user identification, grants the user an authority to use the service when both passwords are identical to each other and causes a service providing apparatus to provide the service, and finally imposes a fee for service use on the telephone number owned by the user when the service use is ended.
However, the disclosure of the Korean Utility model does not suggest a solution for the problem of the conventional settlement method that the settlement information has to be again input every settlement and the already input password has to be again input through the mobile phone.